xref: /freebsd/sys/ufs/ffs/ffs_subr.c (revision 7c20397b724a55001c2054fa133a768e9d06eb1c)
1 /*-
2  * SPDX-License-Identifier: BSD-3-Clause
3  *
4  * Copyright (c) 1982, 1986, 1989, 1993
5  *	The Regents of the University of California.  All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  * 3. Neither the name of the University nor the names of its contributors
16  *    may be used to endorse or promote products derived from this software
17  *    without specific prior written permission.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29  * SUCH DAMAGE.
30  *
31  *	@(#)ffs_subr.c	8.5 (Berkeley) 3/21/95
32  */
33 
34 #include <sys/cdefs.h>
35 __FBSDID("$FreeBSD$");
36 
37 #include <sys/param.h>
38 #include <sys/limits.h>
39 
40 #ifndef _KERNEL
41 #include <stdio.h>
42 #include <string.h>
43 #include <stdlib.h>
44 #include <time.h>
45 #include <sys/errno.h>
46 #include <ufs/ufs/dinode.h>
47 #include <ufs/ffs/fs.h>
48 
49 uint32_t calculate_crc32c(uint32_t, const void *, size_t);
50 uint32_t ffs_calc_sbhash(struct fs *);
51 struct malloc_type;
52 #define UFS_MALLOC(size, type, flags) malloc(size)
53 #define UFS_FREE(ptr, type) free(ptr)
54 #define maxphys MAXPHYS
55 
56 #else /* _KERNEL */
57 #include <sys/systm.h>
58 #include <sys/gsb_crc32.h>
59 #include <sys/lock.h>
60 #include <sys/malloc.h>
61 #include <sys/mount.h>
62 #include <sys/vnode.h>
63 #include <sys/bio.h>
64 #include <sys/buf.h>
65 #include <sys/ucred.h>
66 
67 #include <ufs/ufs/quota.h>
68 #include <ufs/ufs/inode.h>
69 #include <ufs/ufs/extattr.h>
70 #include <ufs/ufs/ufsmount.h>
71 #include <ufs/ufs/ufs_extern.h>
72 #include <ufs/ffs/ffs_extern.h>
73 #include <ufs/ffs/fs.h>
74 
75 #define UFS_MALLOC(size, type, flags) malloc(size, type, flags)
76 #define UFS_FREE(ptr, type) free(ptr, type)
77 
78 #endif /* _KERNEL */
79 
80 /*
81  * Verify an inode check-hash.
82  */
83 int
84 ffs_verify_dinode_ckhash(struct fs *fs, struct ufs2_dinode *dip)
85 {
86 	uint32_t ckhash, save_ckhash;
87 
88 	/*
89 	 * Return success if unallocated or we are not doing inode check-hash.
90 	 */
91 	if (dip->di_mode == 0 || (fs->fs_metackhash & CK_INODE) == 0)
92 		return (0);
93 	/*
94 	 * Exclude di_ckhash from the crc32 calculation, e.g., always use
95 	 * a check-hash value of zero when calculating the check-hash.
96 	 */
97 	save_ckhash = dip->di_ckhash;
98 	dip->di_ckhash = 0;
99 	ckhash = calculate_crc32c(~0L, (void *)dip, sizeof(*dip));
100 	dip->di_ckhash = save_ckhash;
101 	if (save_ckhash == ckhash)
102 		return (0);
103 	return (EINVAL);
104 }
105 
106 /*
107  * Update an inode check-hash.
108  */
109 void
110 ffs_update_dinode_ckhash(struct fs *fs, struct ufs2_dinode *dip)
111 {
112 
113 	if (dip->di_mode == 0 || (fs->fs_metackhash & CK_INODE) == 0)
114 		return;
115 	/*
116 	 * Exclude old di_ckhash from the crc32 calculation, e.g., always use
117 	 * a check-hash value of zero when calculating the new check-hash.
118 	 */
119 	dip->di_ckhash = 0;
120 	dip->di_ckhash = calculate_crc32c(~0L, (void *)dip, sizeof(*dip));
121 }
122 
123 /*
124  * These are the low-level functions that actually read and write
125  * the superblock and its associated data.
126  */
127 static off_t sblock_try[] = SBLOCKSEARCH;
128 static int readsuper(void *, struct fs **, off_t, int,
129 	int (*)(void *, off_t, void **, int));
130 static int validate_sblock(struct fs *, int);
131 
132 /*
133  * Read a superblock from the devfd device.
134  *
135  * If an alternate superblock is specified, it is read. Otherwise the
136  * set of locations given in the SBLOCKSEARCH list is searched for a
137  * superblock. Memory is allocated for the superblock by the readfunc and
138  * is returned. If filltype is non-NULL, additional memory is allocated
139  * of type filltype and filled in with the superblock summary information.
140  * All memory is freed when any error is returned.
141  *
142  * If a superblock is found, zero is returned. Otherwise one of the
143  * following error values is returned:
144  *     EIO: non-existent or truncated superblock.
145  *     EIO: error reading summary information.
146  *     ENOENT: no usable known superblock found.
147  *     ENOMEM: failed to allocate space for the superblock.
148  *     EINVAL: The previous newfs operation on this volume did not complete.
149  *         The administrator must complete newfs before using this volume.
150  */
151 int
152 ffs_sbget(void *devfd, struct fs **fsp, off_t sblock, int flags,
153     struct malloc_type *filltype,
154     int (*readfunc)(void *devfd, off_t loc, void **bufp, int size))
155 {
156 	struct fs *fs;
157 	struct fs_summary_info *fs_si;
158 	int i, error;
159 	uint64_t size, blks;
160 	uint8_t *space;
161 	int32_t *lp;
162 	char *buf;
163 
164 	fs = NULL;
165 	*fsp = NULL;
166 	if (sblock != UFS_STDSB) {
167 		if ((error = readsuper(devfd, &fs, sblock,
168 		    flags | UFS_ALTSBLK, readfunc)) != 0) {
169 			if (fs != NULL)
170 				UFS_FREE(fs, filltype);
171 			return (error);
172 		}
173 	} else {
174 		for (i = 0; sblock_try[i] != -1; i++) {
175 			if ((error = readsuper(devfd, &fs, sblock_try[i],
176 			     flags, readfunc)) == 0) {
177 				if ((flags & UFS_NOCSUM) != 0) {
178 					*fsp = fs;
179 					return (0);
180 				}
181 				break;
182 			}
183 			if (fs != NULL) {
184 				UFS_FREE(fs, filltype);
185 				fs = NULL;
186 			}
187 			if (error == ENOENT)
188 				continue;
189 			return (error);
190 		}
191 		if (sblock_try[i] == -1)
192 			return (ENOENT);
193 	}
194 	/*
195 	 * Read in the superblock summary information.
196 	 */
197 	size = fs->fs_cssize;
198 	blks = howmany(size, fs->fs_fsize);
199 	if (fs->fs_contigsumsize > 0)
200 		size += fs->fs_ncg * sizeof(int32_t);
201 	size += fs->fs_ncg * sizeof(u_int8_t);
202 	if ((fs_si = UFS_MALLOC(sizeof(*fs_si), filltype, M_NOWAIT)) == NULL) {
203 		UFS_FREE(fs, filltype);
204 		return (ENOMEM);
205 	}
206 	bzero(fs_si, sizeof(*fs_si));
207 	fs->fs_si = fs_si;
208 	if ((space = UFS_MALLOC(size, filltype, M_NOWAIT)) == NULL) {
209 		UFS_FREE(fs->fs_si, filltype);
210 		UFS_FREE(fs, filltype);
211 		return (ENOMEM);
212 	}
213 	fs->fs_csp = (struct csum *)space;
214 	for (i = 0; i < blks; i += fs->fs_frag) {
215 		size = fs->fs_bsize;
216 		if (i + fs->fs_frag > blks)
217 			size = (blks - i) * fs->fs_fsize;
218 		buf = NULL;
219 		error = (*readfunc)(devfd,
220 		    dbtob(fsbtodb(fs, fs->fs_csaddr + i)), (void **)&buf, size);
221 		if (error) {
222 			if (buf != NULL)
223 				UFS_FREE(buf, filltype);
224 			UFS_FREE(fs->fs_csp, filltype);
225 			UFS_FREE(fs->fs_si, filltype);
226 			UFS_FREE(fs, filltype);
227 			return (error);
228 		}
229 		memcpy(space, buf, size);
230 		UFS_FREE(buf, filltype);
231 		space += size;
232 	}
233 	if (fs->fs_contigsumsize > 0) {
234 		fs->fs_maxcluster = lp = (int32_t *)space;
235 		for (i = 0; i < fs->fs_ncg; i++)
236 			*lp++ = fs->fs_contigsumsize;
237 		space = (uint8_t *)lp;
238 	}
239 	size = fs->fs_ncg * sizeof(u_int8_t);
240 	fs->fs_contigdirs = (u_int8_t *)space;
241 	bzero(fs->fs_contigdirs, size);
242 	*fsp = fs;
243 	return (0);
244 }
245 
246 /*
247  * Try to read a superblock from the location specified by sblockloc.
248  * Return zero on success or an errno on failure.
249  */
250 static int
251 readsuper(void *devfd, struct fs **fsp, off_t sblockloc, int flags,
252     int (*readfunc)(void *devfd, off_t loc, void **bufp, int size))
253 {
254 	struct fs *fs;
255 	int error, res;
256 	uint32_t ckhash;
257 
258 	error = (*readfunc)(devfd, sblockloc, (void **)fsp, SBLOCKSIZE);
259 	if (error != 0)
260 		return (error);
261 	fs = *fsp;
262 	if (fs->fs_magic == FS_BAD_MAGIC)
263 		return (EINVAL);
264 	/*
265 	 * For UFS1 with a 65536 block size, the first backup superblock
266 	 * is at the same location as the UFS2 superblock. Since SBLOCK_UFS2
267 	 * is the first location checked, the first backup is the superblock
268 	 * that will be accessed. Here we fail the lookup so that we can
269 	 * retry with the correct location for the UFS1 superblock.
270 	 */
271 	if (fs->fs_magic == FS_UFS1_MAGIC && (flags & UFS_ALTSBLK) == 0 &&
272 	    fs->fs_bsize == SBLOCK_UFS2 && sblockloc == SBLOCK_UFS2)
273 		return (ENOENT);
274 	if ((error = validate_sblock(fs, flags)) > 0)
275 		return (error);
276 	/*
277 	 * If the filesystem has been run on a kernel without
278 	 * metadata check hashes, disable them.
279 	 */
280 	if ((fs->fs_flags & FS_METACKHASH) == 0)
281 		fs->fs_metackhash = 0;
282 	/*
283 	 * Clear any check-hashes that are not maintained
284 	 * by this kernel. Also clear any unsupported flags.
285 	 */
286 	fs->fs_metackhash &= CK_SUPPORTED;
287 	fs->fs_flags &= FS_SUPPORTED;
288 	if (fs->fs_ckhash != (ckhash = ffs_calc_sbhash(fs))) {
289 		if ((flags & (UFS_NOMSG | UFS_NOHASHFAIL)) ==
290 		    (UFS_NOMSG | UFS_NOHASHFAIL))
291 			return (0);
292 		if ((flags & UFS_NOMSG) != 0)
293 			return (EINTEGRITY);
294 #ifdef _KERNEL
295 		res = uprintf("Superblock check-hash failed: recorded "
296 		    "check-hash 0x%x != computed check-hash 0x%x%s\n",
297 		    fs->fs_ckhash, ckhash,
298 		    (flags & UFS_NOHASHFAIL) != 0 ? " (Ignored)" : "");
299 #else
300 		res = 0;
301 #endif
302 		/*
303 		 * Print check-hash failure if no controlling terminal
304 		 * in kernel or always if in user-mode (libufs).
305 		 */
306 		if (res == 0)
307 			printf("Superblock check-hash failed: recorded "
308 			    "check-hash 0x%x != computed check-hash "
309 			    "0x%x%s\n", fs->fs_ckhash, ckhash,
310 			    (flags & UFS_NOHASHFAIL) ? " (Ignored)" : "");
311 		if ((flags & UFS_NOHASHFAIL) != 0)
312 			return (0);
313 		return (EINTEGRITY);
314 	}
315 	/* Have to set for old filesystems that predate this field */
316 	fs->fs_sblockactualloc = sblockloc;
317 	/* Not yet any summary information */
318 	fs->fs_si = NULL;
319 	return (0);
320 }
321 
322 /*
323  * Verify the filesystem values.
324  */
325 #define ILOG2(num)	(fls(num) - 1)
326 #ifdef STANDALONE_SMALL
327 #define MPRINT(...)	do { } while (0)
328 #else
329 #define MPRINT(...)	if (prtmsg) printf(__VA_ARGS__)
330 #endif
331 #define FCHK(lhs, op, rhs, fmt)						\
332 	if (lhs op rhs) {						\
333 		MPRINT("UFS%d superblock failed: %s (" #fmt ") %s %s ("	\
334 		    #fmt ")\n", fs->fs_magic == FS_UFS1_MAGIC ? 1 : 2,	\
335 		    #lhs, (intmax_t)lhs, #op, #rhs, (intmax_t)rhs);	\
336 		if (error == 0)						\
337 			error = ENOENT;					\
338 	}
339 #define WCHK(lhs, op, rhs, fmt)						\
340 	if (lhs op rhs) {						\
341 		MPRINT("UFS%d superblock failed: %s (" #fmt ") %s %s ("	\
342 		    #fmt ")%s\n", fs->fs_magic == FS_UFS1_MAGIC ? 1 : 2,\
343 		    #lhs, (intmax_t)lhs, #op, #rhs, (intmax_t)rhs, wmsg);\
344 		if (error == 0)						\
345 			error = warnerr;				\
346 	}
347 #define FCHK2(lhs1, op1, rhs1, lhs2, op2, rhs2, fmt)			\
348 	if (lhs1 op1 rhs1 && lhs2 op2 rhs2) {				\
349 		MPRINT("UFS%d superblock failed: %s (" #fmt ") %s %s ("	\
350 		    #fmt ") && %s (" #fmt ") %s %s (" #fmt ")\n",	\
351 		    fs->fs_magic == FS_UFS1_MAGIC ? 1 : 2, #lhs1,	\
352 		    (intmax_t)lhs1, #op1, #rhs1, (intmax_t)rhs1, #lhs2,	\
353 		    (intmax_t)lhs2, #op2, #rhs2, (intmax_t)rhs2);	\
354 		if (error == 0)						\
355 			error = ENOENT;					\
356 	}
357 #define WCHK2(lhs1, op1, rhs1, lhs2, op2, rhs2, fmt)			\
358 	if (lhs1 op1 rhs1 && lhs2 op2 rhs2) {				\
359 		MPRINT("UFS%d superblock failed: %s (" #fmt ") %s %s ("	\
360 		    #fmt ") && %s (" #fmt ") %s %s (" #fmt ")%s\n",	\
361 		    fs->fs_magic == FS_UFS1_MAGIC ? 1 : 2, #lhs1,	\
362 		    (intmax_t)lhs1, #op1, #rhs1, (intmax_t)rhs1, #lhs2,	\
363 		    (intmax_t)lhs2, #op2, #rhs2, (intmax_t)rhs2, wmsg);	\
364 		if (error == 0)						\
365 			error = warnerr;				\
366 	}
367 
368 static int
369 validate_sblock(struct fs *fs, int flags)
370 {
371 	u_long i, sectorsize;
372 	u_int64_t maxfilesize, sizepb;
373 	int error, prtmsg, warnerr;
374 	char *wmsg;
375 
376 	error = 0;
377 	sectorsize = dbtob(1);
378 	prtmsg = ((flags & UFS_NOMSG) == 0);
379 	warnerr = (flags & UFS_NOWARNFAIL) == UFS_NOWARNFAIL ? 0 : ENOENT;
380 	wmsg = warnerr ? "" : " (Ignored)";
381 	/*
382 	 * If just validating for recovery, then do just the minimal
383 	 * checks needed for the superblock fields needed to find
384 	 * alternate superblocks.
385 	 */
386 	if ((flags & UFS_FSRONLY) == UFS_FSRONLY &&
387 	    (fs->fs_magic == FS_UFS1_MAGIC || fs->fs_magic == FS_UFS2_MAGIC)) {
388 		if (fs->fs_magic == FS_UFS2_MAGIC) {
389 			FCHK(fs->fs_sblockloc, !=, SBLOCK_UFS2, %#jx);
390 		} else if (fs->fs_magic == FS_UFS1_MAGIC) {
391 			FCHK(fs->fs_sblockloc, <, 0, %jd);
392 			FCHK(fs->fs_sblockloc, >, SBLOCK_UFS1, %jd);
393 		}
394 		FCHK(fs->fs_frag, <, 1, %jd);
395 		FCHK(fs->fs_frag, >, MAXFRAG, %jd);
396 		FCHK(fs->fs_bsize, <, MINBSIZE, %jd);
397 		FCHK(fs->fs_bsize, >, MAXBSIZE, %jd);
398 		FCHK(fs->fs_bsize, <, roundup(sizeof(struct fs), DEV_BSIZE),
399 		    %jd);
400 		FCHK(fs->fs_fsize, <, sectorsize, %jd);
401 		FCHK(fs->fs_fsize * fs->fs_frag, !=, fs->fs_bsize, %jd);
402 		FCHK(powerof2(fs->fs_fsize), ==, 0, %jd);
403 		FCHK(fs->fs_fpg, <, 3 * fs->fs_frag, %jd);
404 		FCHK(fs->fs_ncg, <, 1, %jd);
405 		FCHK(fs->fs_fsbtodb, !=, ILOG2(fs->fs_fsize / sectorsize), %jd);
406 		FCHK(fs->fs_old_cgoffset, <, 0, %jd);
407 		FCHK2(fs->fs_old_cgoffset, >, 0, ~fs->fs_old_cgmask, <, 0, %jd);
408 		FCHK(fs->fs_old_cgoffset * (~fs->fs_old_cgmask), >, fs->fs_fpg,
409 		    %jd);
410 		FCHK(fs->fs_sblkno, !=, roundup(
411 		    howmany(fs->fs_sblockloc + SBLOCKSIZE, fs->fs_fsize),
412 		    fs->fs_frag), %jd);
413 		return (error);
414 	}
415 	if (fs->fs_magic == FS_UFS2_MAGIC) {
416 		if ((flags & UFS_ALTSBLK) == 0)
417 			FCHK2(fs->fs_sblockactualloc, !=, SBLOCK_UFS2,
418 			    fs->fs_sblockactualloc, !=, 0, %jd);
419 		FCHK(fs->fs_sblockloc, !=, SBLOCK_UFS2, %#jx);
420 		FCHK(fs->fs_maxsymlinklen, !=, ((UFS_NDADDR + UFS_NIADDR) *
421 			sizeof(ufs2_daddr_t)), %jd);
422 		FCHK(fs->fs_nindir, !=, fs->fs_bsize / sizeof(ufs2_daddr_t),
423 		    %jd);
424 		FCHK(fs->fs_inopb, !=,
425 		    fs->fs_bsize / sizeof(struct ufs2_dinode), %jd);
426 	} else if (fs->fs_magic == FS_UFS1_MAGIC) {
427 		if ((flags & UFS_ALTSBLK) == 0)
428 			FCHK(fs->fs_sblockactualloc, >, SBLOCK_UFS1, %jd);
429 		FCHK(fs->fs_sblockloc, <, 0, %jd);
430 		FCHK(fs->fs_sblockloc, >, SBLOCK_UFS1, %jd);
431 		FCHK(fs->fs_nindir, !=, fs->fs_bsize / sizeof(ufs1_daddr_t),
432 		    %jd);
433 		FCHK(fs->fs_inopb, !=,
434 		    fs->fs_bsize / sizeof(struct ufs1_dinode), %jd);
435 		FCHK(fs->fs_maxsymlinklen, !=, ((UFS_NDADDR + UFS_NIADDR) *
436 			sizeof(ufs1_daddr_t)), %jd);
437 		WCHK(fs->fs_old_inodefmt, !=, FS_44INODEFMT, %jd);
438 		WCHK(fs->fs_old_rotdelay, !=, 0, %jd);
439 		WCHK(fs->fs_old_rps, !=, 60, %jd);
440 		WCHK(fs->fs_old_nspf, !=, fs->fs_fsize / sectorsize, %jd);
441 		WCHK(fs->fs_old_cpg, !=, 1, %jd);
442 		WCHK(fs->fs_old_interleave, !=, 1, %jd);
443 		WCHK(fs->fs_old_trackskew, !=, 0, %jd);
444 		WCHK(fs->fs_old_cpc, !=, 0, %jd);
445 		WCHK(fs->fs_old_postblformat, !=, 1, %jd);
446 		WCHK(fs->fs_old_nrpos, !=, 1, %jd);
447 		WCHK(fs->fs_old_spc, !=, fs->fs_fpg * fs->fs_old_nspf, %jd);
448 		WCHK(fs->fs_old_nsect, !=, fs->fs_old_spc, %jd);
449 		WCHK(fs->fs_old_npsect, !=, fs->fs_old_spc, %jd);
450 		FCHK(fs->fs_old_ncyl, !=, fs->fs_ncg, %jd);
451 	} else {
452 		/* Bad magic number, so assume not a superblock */
453 		return (ENOENT);
454 	}
455 	FCHK(fs->fs_bsize, <, MINBSIZE, %jd);
456 	FCHK(fs->fs_bsize, >, MAXBSIZE, %jd);
457 	FCHK(fs->fs_bsize, <, roundup(sizeof(struct fs), DEV_BSIZE), %jd);
458 	FCHK(powerof2(fs->fs_bsize), ==, 0, %jd);
459 	FCHK(fs->fs_frag, <, 1, %jd);
460 	FCHK(fs->fs_frag, >, MAXFRAG, %jd);
461 	FCHK(fs->fs_frag, !=, numfrags(fs, fs->fs_bsize), %jd);
462 	FCHK(fs->fs_fsize, <, sectorsize, %jd);
463 	FCHK(fs->fs_fsize * fs->fs_frag, !=, fs->fs_bsize, %jd);
464 	FCHK(powerof2(fs->fs_fsize), ==, 0, %jd);
465 	FCHK(fs->fs_fpg, <, 3 * fs->fs_frag, %jd);
466 	FCHK(fs->fs_ncg, <, 1, %jd);
467 	FCHK(fs->fs_ipg, <, 1, %jd);
468 	FCHK(fs->fs_ipg * fs->fs_ncg, >, (((int64_t)(1)) << 32) - INOPB(fs),
469 	    %jd);
470 	FCHK(fs->fs_sbsize, >, SBLOCKSIZE, %jd);
471 	FCHK(fs->fs_maxbsize, <, fs->fs_bsize, %jd);
472 	FCHK(powerof2(fs->fs_maxbsize), ==, 0, %jd);
473 	FCHK(fs->fs_maxbsize, >, FS_MAXCONTIG * fs->fs_bsize, %jd);
474 	FCHK(fs->fs_bmask, !=, ~(fs->fs_bsize - 1), %#jx);
475 	FCHK(fs->fs_fmask, !=, ~(fs->fs_fsize - 1), %#jx);
476 	FCHK(fs->fs_qbmask, !=, ~fs->fs_bmask, %#jx);
477 	FCHK(fs->fs_qfmask, !=, ~fs->fs_fmask, %#jx);
478 	FCHK(fs->fs_bshift, !=, ILOG2(fs->fs_bsize), %jd);
479 	FCHK(fs->fs_fshift, !=, ILOG2(fs->fs_fsize), %jd);
480 	FCHK(fs->fs_fragshift, !=, ILOG2(fs->fs_frag), %jd);
481 	FCHK(fs->fs_fsbtodb, !=, ILOG2(fs->fs_fsize / sectorsize), %jd);
482 	FCHK(fs->fs_old_cgoffset, <, 0, %jd);
483 	FCHK2(fs->fs_old_cgoffset, >, 0, ~fs->fs_old_cgmask, <, 0, %jd);
484 	FCHK(fs->fs_old_cgoffset * (~fs->fs_old_cgmask), >, fs->fs_fpg, %jd);
485 	FCHK(fs->fs_sblkno, !=, roundup(
486 	    howmany(fs->fs_sblockloc + SBLOCKSIZE, fs->fs_fsize),
487 	    fs->fs_frag), %jd);
488 	FCHK(fs->fs_cblkno, !=, fs->fs_sblkno +
489 	    roundup(howmany(SBLOCKSIZE, fs->fs_fsize), fs->fs_frag), %jd);
490 	FCHK(fs->fs_iblkno, !=, fs->fs_cblkno + fs->fs_frag, %jd);
491 	FCHK(fs->fs_dblkno, !=, fs->fs_iblkno + fs->fs_ipg / INOPF(fs), %jd);
492 	FCHK(fs->fs_cgsize, >, fs->fs_bsize, %jd);
493 	/*
494 	 * This test is valid, however older versions of growfs failed
495 	 * to correctly update fs_dsize so will fail this test. Thus we
496 	 * exclude it from the requirements.
497 	 */
498 #ifdef notdef
499 	WCHK(fs->fs_dsize, !=, fs->fs_size - fs->fs_sblkno -
500 		fs->fs_ncg * (fs->fs_dblkno - fs->fs_sblkno) -
501 		howmany(fs->fs_cssize, fs->fs_fsize), %jd);
502 #endif
503 	WCHK(fs->fs_metaspace, <, 0, %jd);
504 	WCHK(fs->fs_metaspace, >, fs->fs_fpg / 2, %jd);
505 	WCHK(fs->fs_minfree, >, 99, %jd%%);
506 	maxfilesize = fs->fs_bsize * UFS_NDADDR - 1;
507 	for (sizepb = fs->fs_bsize, i = 0; i < UFS_NIADDR; i++) {
508 		sizepb *= NINDIR(fs);
509 		maxfilesize += sizepb;
510 	}
511 	WCHK(fs->fs_maxfilesize, !=, maxfilesize, %jd);
512 	/*
513 	 * These values have a tight interaction with each other that
514 	 * makes it hard to tightly bound them. So we can only check
515 	 * that they are within a broader possible range.
516 	 *
517 	 * The size cannot always be accurately determined, but ensure
518 	 * that it is consistent with the number of cylinder groups (fs_ncg)
519 	 * and the number of fragments per cylinder group (fs_fpg). Ensure
520 	 * that the summary information size is correct and that it starts
521 	 * and ends in the data area of the same cylinder group.
522 	 */
523 	FCHK(fs->fs_size, <, 8 * fs->fs_frag, %jd);
524 	WCHK(fs->fs_size, <=, (fs->fs_ncg - 1) * fs->fs_fpg, %jd);
525 	WCHK(fs->fs_size, >, fs->fs_ncg * fs->fs_fpg, %jd);
526 	/*
527 	 * If we are not requested to read in the csum data stop here
528 	 * as the correctness of the remaining values is only important
529 	 * to bound the space needed to be allocated to hold the csum data.
530 	 */
531 	if ((flags & UFS_NOCSUM) != 0)
532 		return (error);
533 	FCHK(fs->fs_csaddr, <, 0, %jd);
534 	FCHK(fs->fs_cssize, !=,
535 	    fragroundup(fs, fs->fs_ncg * sizeof(struct csum)), %jd);
536 	FCHK(dtog(fs, fs->fs_csaddr), >, fs->fs_ncg, %jd);
537 	FCHK(fs->fs_csaddr, <, cgdmin(fs, dtog(fs, fs->fs_csaddr)), %jd);
538 	FCHK(dtog(fs, fs->fs_csaddr + howmany(fs->fs_cssize, fs->fs_fsize)), >,
539 	    dtog(fs, fs->fs_csaddr), %jd);
540 	/*
541 	 * With file system clustering it is possible to allocate
542 	 * many contiguous blocks. The kernel variable maxphys defines
543 	 * the maximum transfer size permitted by the controller and/or
544 	 * buffering. The fs_maxcontig parameter controls the maximum
545 	 * number of blocks that the filesystem will read or write
546 	 * in a single transfer. It is calculated when the filesystem
547 	 * is created as maxphys / fs_bsize. The loader uses a maxphys
548 	 * of 128K even when running on a system that supports larger
549 	 * values. If the filesystem was built on a system that supports
550 	 * a larger maxphys (1M is typical) it will have configured
551 	 * fs_maxcontig for that larger system. So we bound the upper
552 	 * allowable limit for fs_maxconfig to be able to at least
553 	 * work with a 1M maxphys on the smallest block size filesystem:
554 	 * 1M / 4096 == 256. There is no harm in allowing the mounting of
555 	 * filesystems that make larger than maxphys I/O requests because
556 	 * those (mostly 32-bit machines) can (very slowly) handle I/O
557 	 * requests that exceed maxphys.
558 	 */
559 	WCHK(fs->fs_maxcontig, <, 0, %jd);
560 	WCHK(fs->fs_maxcontig, >, MAX(256, maxphys / fs->fs_bsize), %jd);
561 	WCHK2(fs->fs_maxcontig, ==, 0, fs->fs_contigsumsize, !=, 0, %jd);
562 	WCHK2(fs->fs_maxcontig, >, 1, fs->fs_contigsumsize, !=,
563 	    MIN(fs->fs_maxcontig, FS_MAXCONTIG), %jd);
564 	return (error);
565 }
566 
567 /*
568  * Make an extensive search to find a superblock. If the superblock
569  * in the standard place cannot be used, try looking for one of the
570  * backup superblocks.
571  *
572  * Flags are made up of the following or'ed together options:
573  *
574  * UFS_NOMSG indicates that superblock inconsistency error messages
575  *    should not be printed.
576  *
577  * UFS_NOCSUM causes only the superblock itself to be returned, but does
578  *    not read in any auxillary data structures like the cylinder group
579  *    summary information.
580  */
581 int
582 ffs_sbsearch(void *devfd, struct fs **fsp, int reqflags,
583     struct malloc_type *filltype,
584     int (*readfunc)(void *devfd, off_t loc, void **bufp, int size))
585 {
586 	struct fsrecovery *fsr;
587 	struct fs *protofs;
588 	void *fsrbuf;
589 	char *cp;
590 	long nocsum, flags, msg, cg;
591 	off_t sblk, secsize;
592 	int error;
593 
594 	msg = (reqflags & UFS_NOMSG) == 0;
595 	nocsum = reqflags & UFS_NOCSUM;
596 	/*
597 	 * Try normal superblock read and return it if it works.
598 	 *
599 	 * Suppress messages if it fails until we find out if
600 	 * failure can be avoided.
601 	 */
602 	flags = UFS_NOMSG | nocsum;
603 	if (ffs_sbget(devfd, fsp, UFS_STDSB, flags, filltype, readfunc) == 0)
604 		return (0);
605 	/*
606 	 * First try: ignoring hash failures.
607 	 */
608 	flags |= UFS_NOHASHFAIL;
609 	if (msg)
610 		flags &= ~UFS_NOMSG;
611 	if (ffs_sbget(devfd, fsp, UFS_STDSB, flags, filltype, readfunc) == 0)
612 		return (0);
613 	/*
614 	 * Next up is to check if fields of the superblock that are
615 	 * needed to find backup superblocks are usable.
616 	 */
617 	if (msg)
618 		printf("Attempted recovery for standard superblock: failed\n");
619 	flags = UFS_FSRONLY | UFS_NOHASHFAIL | UFS_NOMSG;
620 	if (ffs_sbget(devfd, &protofs, UFS_STDSB, flags, filltype,
621 	    readfunc) == 0) {
622 		if (msg)
623 			printf("Attempted extraction of recovery data from "
624 			    "standard superblock: ");
625 	} else {
626 		/*
627 		 * Final desperation is to see if alternate superblock
628 		 * parameters have been saved in the boot area.
629 		 */
630 		if (msg)
631 			printf("Attempted extraction of recovery data from "
632 			    "standard superblock: failed\nAttempt to find "
633 			    "boot zone recovery data: ");
634 		/*
635 		 * Look to see if recovery information has been saved.
636 		 * If so we can generate a prototype superblock based
637 		 * on that information.
638 		 *
639 		 * We need fragments-per-group, number of cylinder groups,
640 		 * location of the superblock within the cylinder group, and
641 		 * the conversion from filesystem fragments to disk blocks.
642 		 *
643 		 * When building a UFS2 filesystem, newfs(8) stores these
644 		 * details at the end of the boot block area at the start
645 		 * of the filesystem partition. If they have been overwritten
646 		 * by a boot block, we fail.  But usually they are there
647 		 * and we can use them.
648 		 *
649 		 * We could ask the underlying device for its sector size,
650 		 * but some devices lie. So we just try a plausible range.
651 		 */
652 		error = ENOENT;
653 		for (secsize = dbtob(1); secsize <= SBLOCKSIZE; secsize *= 2)
654 			if ((error = (*readfunc)(devfd, (SBLOCK_UFS2 - secsize),
655 			    &fsrbuf, secsize)) == 0)
656 				break;
657 		if (error != 0)
658 			goto trynowarn;
659 		cp = fsrbuf; /* type change to keep compiler happy */
660 		fsr = (struct fsrecovery *)&cp[secsize - sizeof *fsr];
661 		if (fsr->fsr_magic != FS_UFS2_MAGIC ||
662 		    (protofs = UFS_MALLOC(SBLOCKSIZE, filltype, M_NOWAIT))
663 		    == NULL) {
664 			UFS_FREE(fsrbuf, filltype);
665 			goto trynowarn;
666 		}
667 		memset(protofs, 0, sizeof(struct fs));
668 		protofs->fs_fpg = fsr->fsr_fpg;
669 		protofs->fs_fsbtodb = fsr->fsr_fsbtodb;
670 		protofs->fs_sblkno = fsr->fsr_sblkno;
671 		protofs->fs_magic = fsr->fsr_magic;
672 		protofs->fs_ncg = fsr->fsr_ncg;
673 		UFS_FREE(fsrbuf, filltype);
674 	}
675 	/*
676 	 * Scan looking for alternative superblocks.
677 	 */
678 	for (cg = 0; cg < protofs->fs_ncg; cg++) {
679 		sblk = dbtob(fsbtodb(protofs, cgsblock(protofs, cg)));
680 		if (ffs_sbget(devfd, fsp, sblk, UFS_NOMSG | nocsum, filltype,
681 		    readfunc) == 0) {
682 			if (msg)
683 				printf("succeeded with alternate superblock "
684 				    "at %jd\n", (intmax_t)btodb(sblk));
685 			UFS_FREE(protofs, filltype);
686 			return (0);
687 		}
688 	}
689 	UFS_FREE(protofs, filltype);
690 	/*
691 	 * Our alternate superblock strategies failed. Our last ditch effort
692 	 * is to see if the standard superblock has only non-critical errors.
693 	 */
694 trynowarn:
695 	flags = UFS_NOWARNFAIL | UFS_NOMSG | nocsum;
696 	if (msg) {
697 		printf("failed\n");
698 		flags &= ~UFS_NOMSG;
699 	}
700 	if (ffs_sbget(devfd, fsp, UFS_STDSB, flags, filltype, readfunc) != 0)
701 		return (ENOENT);
702 	if (msg)
703 		printf("Using standard superblock with non-critical errors.\n");
704 	return (0);
705 }
706 
707 /*
708  * Write a superblock to the devfd device from the memory pointed to by fs.
709  * Write out the superblock summary information if it is present.
710  *
711  * If the write is successful, zero is returned. Otherwise one of the
712  * following error values is returned:
713  *     EIO: failed to write superblock.
714  *     EIO: failed to write superblock summary information.
715  */
716 int
717 ffs_sbput(void *devfd, struct fs *fs, off_t loc,
718     int (*writefunc)(void *devfd, off_t loc, void *buf, int size))
719 {
720 	int i, error, blks, size;
721 	uint8_t *space;
722 
723 	/*
724 	 * If there is summary information, write it first, so if there
725 	 * is an error, the superblock will not be marked as clean.
726 	 */
727 	if (fs->fs_si != NULL && fs->fs_csp != NULL) {
728 		blks = howmany(fs->fs_cssize, fs->fs_fsize);
729 		space = (uint8_t *)fs->fs_csp;
730 		for (i = 0; i < blks; i += fs->fs_frag) {
731 			size = fs->fs_bsize;
732 			if (i + fs->fs_frag > blks)
733 				size = (blks - i) * fs->fs_fsize;
734 			if ((error = (*writefunc)(devfd,
735 			     dbtob(fsbtodb(fs, fs->fs_csaddr + i)),
736 			     space, size)) != 0)
737 				return (error);
738 			space += size;
739 		}
740 	}
741 	fs->fs_fmod = 0;
742 #ifndef _KERNEL
743 	{
744 		struct fs_summary_info *fs_si;
745 
746 		fs->fs_time = time(NULL);
747 		/* Clear the pointers for the duration of writing. */
748 		fs_si = fs->fs_si;
749 		fs->fs_si = NULL;
750 		fs->fs_ckhash = ffs_calc_sbhash(fs);
751 		error = (*writefunc)(devfd, loc, fs, fs->fs_sbsize);
752 		fs->fs_si = fs_si;
753 	}
754 #else /* _KERNEL */
755 	fs->fs_time = time_second;
756 	fs->fs_ckhash = ffs_calc_sbhash(fs);
757 	error = (*writefunc)(devfd, loc, fs, fs->fs_sbsize);
758 #endif /* _KERNEL */
759 	return (error);
760 }
761 
762 /*
763  * Calculate the check-hash for a superblock.
764  */
765 uint32_t
766 ffs_calc_sbhash(struct fs *fs)
767 {
768 	uint32_t ckhash, save_ckhash;
769 
770 	/*
771 	 * A filesystem that was using a superblock ckhash may be moved
772 	 * to an older kernel that does not support ckhashes. The
773 	 * older kernel will clear the FS_METACKHASH flag indicating
774 	 * that it does not update hashes. When the disk is moved back
775 	 * to a kernel capable of ckhashes it disables them on mount:
776 	 *
777 	 *	if ((fs->fs_flags & FS_METACKHASH) == 0)
778 	 *		fs->fs_metackhash = 0;
779 	 *
780 	 * This leaves (fs->fs_metackhash & CK_SUPERBLOCK) == 0) with an
781 	 * old stale value in the fs->fs_ckhash field. Thus the need to
782 	 * just accept what is there.
783 	 */
784 	if ((fs->fs_metackhash & CK_SUPERBLOCK) == 0)
785 		return (fs->fs_ckhash);
786 
787 	save_ckhash = fs->fs_ckhash;
788 	fs->fs_ckhash = 0;
789 	/*
790 	 * If newly read from disk, the caller is responsible for
791 	 * verifying that fs->fs_sbsize <= SBLOCKSIZE.
792 	 */
793 	ckhash = calculate_crc32c(~0L, (void *)fs, fs->fs_sbsize);
794 	fs->fs_ckhash = save_ckhash;
795 	return (ckhash);
796 }
797 
798 /*
799  * Update the frsum fields to reflect addition or deletion
800  * of some frags.
801  */
802 void
803 ffs_fragacct(struct fs *fs, int fragmap, int32_t fraglist[], int cnt)
804 {
805 	int inblk;
806 	int field, subfield;
807 	int siz, pos;
808 
809 	inblk = (int)(fragtbl[fs->fs_frag][fragmap]) << 1;
810 	fragmap <<= 1;
811 	for (siz = 1; siz < fs->fs_frag; siz++) {
812 		if ((inblk & (1 << (siz + (fs->fs_frag % NBBY)))) == 0)
813 			continue;
814 		field = around[siz];
815 		subfield = inside[siz];
816 		for (pos = siz; pos <= fs->fs_frag; pos++) {
817 			if ((fragmap & field) == subfield) {
818 				fraglist[siz] += cnt;
819 				pos += siz;
820 				field <<= siz;
821 				subfield <<= siz;
822 			}
823 			field <<= 1;
824 			subfield <<= 1;
825 		}
826 	}
827 }
828 
829 /*
830  * block operations
831  *
832  * check if a block is available
833  */
834 int
835 ffs_isblock(struct fs *fs, unsigned char *cp, ufs1_daddr_t h)
836 {
837 	unsigned char mask;
838 
839 	switch ((int)fs->fs_frag) {
840 	case 8:
841 		return (cp[h] == 0xff);
842 	case 4:
843 		mask = 0x0f << ((h & 0x1) << 2);
844 		return ((cp[h >> 1] & mask) == mask);
845 	case 2:
846 		mask = 0x03 << ((h & 0x3) << 1);
847 		return ((cp[h >> 2] & mask) == mask);
848 	case 1:
849 		mask = 0x01 << (h & 0x7);
850 		return ((cp[h >> 3] & mask) == mask);
851 	default:
852 #ifdef _KERNEL
853 		panic("ffs_isblock");
854 #endif
855 		break;
856 	}
857 	return (0);
858 }
859 
860 /*
861  * check if a block is free
862  */
863 int
864 ffs_isfreeblock(struct fs *fs, u_char *cp, ufs1_daddr_t h)
865 {
866 
867 	switch ((int)fs->fs_frag) {
868 	case 8:
869 		return (cp[h] == 0);
870 	case 4:
871 		return ((cp[h >> 1] & (0x0f << ((h & 0x1) << 2))) == 0);
872 	case 2:
873 		return ((cp[h >> 2] & (0x03 << ((h & 0x3) << 1))) == 0);
874 	case 1:
875 		return ((cp[h >> 3] & (0x01 << (h & 0x7))) == 0);
876 	default:
877 #ifdef _KERNEL
878 		panic("ffs_isfreeblock");
879 #endif
880 		break;
881 	}
882 	return (0);
883 }
884 
885 /*
886  * take a block out of the map
887  */
888 void
889 ffs_clrblock(struct fs *fs, u_char *cp, ufs1_daddr_t h)
890 {
891 
892 	switch ((int)fs->fs_frag) {
893 	case 8:
894 		cp[h] = 0;
895 		return;
896 	case 4:
897 		cp[h >> 1] &= ~(0x0f << ((h & 0x1) << 2));
898 		return;
899 	case 2:
900 		cp[h >> 2] &= ~(0x03 << ((h & 0x3) << 1));
901 		return;
902 	case 1:
903 		cp[h >> 3] &= ~(0x01 << (h & 0x7));
904 		return;
905 	default:
906 #ifdef _KERNEL
907 		panic("ffs_clrblock");
908 #endif
909 		break;
910 	}
911 }
912 
913 /*
914  * put a block into the map
915  */
916 void
917 ffs_setblock(struct fs *fs, unsigned char *cp, ufs1_daddr_t h)
918 {
919 
920 	switch ((int)fs->fs_frag) {
921 	case 8:
922 		cp[h] = 0xff;
923 		return;
924 	case 4:
925 		cp[h >> 1] |= (0x0f << ((h & 0x1) << 2));
926 		return;
927 	case 2:
928 		cp[h >> 2] |= (0x03 << ((h & 0x3) << 1));
929 		return;
930 	case 1:
931 		cp[h >> 3] |= (0x01 << (h & 0x7));
932 		return;
933 	default:
934 #ifdef _KERNEL
935 		panic("ffs_setblock");
936 #endif
937 		break;
938 	}
939 }
940 
941 /*
942  * Update the cluster map because of an allocation or free.
943  *
944  * Cnt == 1 means free; cnt == -1 means allocating.
945  */
946 void
947 ffs_clusteracct(struct fs *fs, struct cg *cgp, ufs1_daddr_t blkno, int cnt)
948 {
949 	int32_t *sump;
950 	int32_t *lp;
951 	u_char *freemapp, *mapp;
952 	int i, start, end, forw, back, map;
953 	u_int bit;
954 
955 	if (fs->fs_contigsumsize <= 0)
956 		return;
957 	freemapp = cg_clustersfree(cgp);
958 	sump = cg_clustersum(cgp);
959 	/*
960 	 * Allocate or clear the actual block.
961 	 */
962 	if (cnt > 0)
963 		setbit(freemapp, blkno);
964 	else
965 		clrbit(freemapp, blkno);
966 	/*
967 	 * Find the size of the cluster going forward.
968 	 */
969 	start = blkno + 1;
970 	end = start + fs->fs_contigsumsize;
971 	if (end >= cgp->cg_nclusterblks)
972 		end = cgp->cg_nclusterblks;
973 	mapp = &freemapp[start / NBBY];
974 	map = *mapp++;
975 	bit = 1U << (start % NBBY);
976 	for (i = start; i < end; i++) {
977 		if ((map & bit) == 0)
978 			break;
979 		if ((i & (NBBY - 1)) != (NBBY - 1)) {
980 			bit <<= 1;
981 		} else {
982 			map = *mapp++;
983 			bit = 1;
984 		}
985 	}
986 	forw = i - start;
987 	/*
988 	 * Find the size of the cluster going backward.
989 	 */
990 	start = blkno - 1;
991 	end = start - fs->fs_contigsumsize;
992 	if (end < 0)
993 		end = -1;
994 	mapp = &freemapp[start / NBBY];
995 	map = *mapp--;
996 	bit = 1U << (start % NBBY);
997 	for (i = start; i > end; i--) {
998 		if ((map & bit) == 0)
999 			break;
1000 		if ((i & (NBBY - 1)) != 0) {
1001 			bit >>= 1;
1002 		} else {
1003 			map = *mapp--;
1004 			bit = 1U << (NBBY - 1);
1005 		}
1006 	}
1007 	back = start - i;
1008 	/*
1009 	 * Account for old cluster and the possibly new forward and
1010 	 * back clusters.
1011 	 */
1012 	i = back + forw + 1;
1013 	if (i > fs->fs_contigsumsize)
1014 		i = fs->fs_contigsumsize;
1015 	sump[i] += cnt;
1016 	if (back > 0)
1017 		sump[back] -= cnt;
1018 	if (forw > 0)
1019 		sump[forw] -= cnt;
1020 	/*
1021 	 * Update cluster summary information.
1022 	 */
1023 	lp = &sump[fs->fs_contigsumsize];
1024 	for (i = fs->fs_contigsumsize; i > 0; i--)
1025 		if (*lp-- > 0)
1026 			break;
1027 	fs->fs_maxcluster[cgp->cg_cgx] = i;
1028 }
1029